Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
code share

Enforcing individual APM Policy "In Progress Sessions Limits"

Problem this snippet solves:

Hi Folks,

the iRule below can be used to enforce individual APM Policy "In Progress Sessions Limits" per source IP address.

The iRule make use of [class match] to retrive custom settings for individual client IPs and then uses [table] to count and finally enforce the individual "In Progress Sessions Limits" for APM authentication.

Cheers, Kai

How to use this snippet:
  1. Tweak the provided data-group and RULE_INIT section as needed.
  2. Import the data-group and iRule to your device.
  3. Attach the iRule to your APM enabled Virtual Server.
  4. Open different APM authentication sessions (via InPrivate browsing) to see if the iRule is able to block further APM session creations if the counter is reached.
Tested on Version:
Comments on this Snippet
Comment made 09-Sep-2016 by Stanislas Piron 10640


this is an interesting irule.

For better user experience, I should have set an APM session variable in ACCESS_SESSION_STARTED

ACCESS::session data set "session.custom.tomanysession" 1

instead of

ACCESS::respond 200 content "To many concurrent logon sessions from your IP address" noserver "Content-Type" "text/html"
ACCESS::session remove

and added a empty box in VPE with branch with expression expr { [mcget {session.custom.tomanysession}] != 0 } to dedicated policy ending with message:

To many concurrent logon sessions from your IP address

with this solution, the response page format is the same as access profile.

Comment made 09-Sep-2016 by Kai Wilke 7294

Hi Stanislas,

Cool suggestion. I'll definately include this appeoach when I update this post (it has currently some code glitches).

Cheers, Kai

Comment made 08-May-2017 by Sensoo L 0

Is there any way to replace the default value (in rule INIT: set static::inprogress_session_limit 5) on the APM profile?
Else, we have to set the default value (in APM profile) higher than the highest value of the datagroup because the APM profile's feature remains active.
Am i wrong?

Comment made 09-May-2017 by Stanislas Piron 10640

Hi Sensoo L,

you can set the access profile max in progress session to 0 (unlimited)!

Comment made 18-Oct-2018 by Ali Khan 57

Good Solution,

But in my scenario i am looking to limit 'ESTABLISHED' sessions per IP. Is this possible?